Allow datasource credentials to be passed by client #446
Assignees
Labels
docs
Documentation creation, updates or corrections
Comments
|
I believe this could also be useful to @Errorname with the prisma multi-tenant extension. |
|
I used the undocumented way to pass a datasource to the client in a previous version of url = env("DATABASE_URL")And then dynamically change the ENV before instantiating: process.env.DATABASE_URL = 'whatever_url'
const prisma = new Prisma() |
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Problem
In production, we store secrets in a vault for secrets and we do not expose them as environment variables. The service requests a secret from the vault (database credentials) and receives them if authorized, those secrets are stored in memory only and could be unique for this service (the hashicorp Vault can generate database credentials on the fly). We thus need to tell the connection string at runtime when creating the client, which happens just after retrieving the secrets.
Solution
It seems like there is an undocumented way to pass a datasource to the client. It might be a way to override the datasource specified in the schema?
Additional context
Eventually we will also need the same way of securely passing the secret to the migration, most likely by having a programmatic access to the
migrate up(if we don't already).The text was updated successfully, but these errors were encountered: